CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
Locked
nagiosuser1000
Posts: 29
Joined: Thu Apr 25, 2019 2:04 pm

CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL

Post by nagiosuser1000 »

getting the following error.

CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with
You do not have the required permissions to view the files attached to this post.
benjaminsmith
Posts: 5324
Joined: Wed Aug 22, 2018 4:39 pm
Location: saint paul

Re: CHECK_NRPE: (ssl_err != 5) Error - Could not complete SS

Post by benjaminsmith »

Hi @nagiosuser1000,

We have a guide for troubleshooting this error. You will want to check to make sure the NRPE is running, the configuration file is correct and SSL was enabled at compile time.

NRPE - CHECK_NRPE: Error - Could Not Complete SSL Handshake

Let us know if you're able to resolve.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.

Be sure to check out our Knowledgebase for helpful articles and solutions!
nagiosuser1000
Posts: 29
Joined: Thu Apr 25, 2019 2:04 pm

Re: CHECK_NRPE: (ssl_err != 5) Error - Could not complete SS

Post by nagiosuser1000 »

Thanks a lot for the reply.

we are still getting same error. we try to query the services after making changes to nrpe. It is giving me error.
You do not have the required permissions to view the files attached to this post.
benjaminsmith
Posts: 5324
Joined: Wed Aug 22, 2018 4:39 pm
Location: saint paul

Re: CHECK_NRPE: (ssl_err != 5) Error - Could not complete SS

Post by benjaminsmith »

Hi,

Are you able to communicate from the Nagios XI server to the remote host? For example, run the following test command from the terminal:

Code: Select all

cd /usr/local/nagios/libexec
su nagios
./check_nrpe -H <remote-host-ip-address>
It should output which version of NRPE is running. Let me know the results.

Next, if you go to Admin > System Information > System Status. Are all the system components running (green)? Please see attached image. If one of the components is not running, re-start Nagios.

Code: Select all

systemctl stop crond
systemctl stop npcd
systemctl stop nagios
systemctl stop ndo2db
pkill -9 -u nagios
rm -rf /usr/local/nagiosxi/var/dbmaint.lock
rm -rf /usr/local/nagiosxi/var/event_handler.lock
rm -rf /usr/local/nagiosxi/scripts/reconfigure_nagios.lock
systemctl restart mariadb
systemctl start ndo2db
systemctl start nagios
systemctl start npcd
systemctl start crond
If the issue is not resolved, please PM your system profile for us to review

To send us your system profile.

Login to the Nagios XI GUI using a web browser.
Click the "Admin" > "System Profile" Menu
Click the "Download Profile" button
Save the profile.zip file and share in a private message or upload it to the post/ticket.
You do not have the required permissions to view the files attached to this post.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.

Be sure to check out our Knowledgebase for helpful articles and solutions!
nagiosuser1000
Posts: 29
Joined: Thu Apr 25, 2019 2:04 pm

Re: CHECK_NRPE: (ssl_err != 5) Error - Could not complete SS

Post by nagiosuser1000 »

./check_nrpe -H 127.0.0.1
NRPE v3.2.1
[nagios@hostname libexec]$ ./check_nrpe -H x.x.x.x
CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with 172.16.54.146: 1
[nagios@hostname libexec]$ ./check_nrpe -H hostname
connect to address 172.16.54.103 port 5666: Connection refused
connect to host susmant4 port 5666: Connection refused
[nagios@hostname libexec]$ ./check_nrpe -H hostname
connect to address 172.16.54.72 port 5666: Connection refused
connect to host suslnxt01 port 5666: Connection refused
[nagios@hostname libexec]$ ./check_nrpe -H hostname
NRPE v3.2.1
[nagios@hostname libexec]$ systemctl stop crond
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to manage system services or units.
Authenticating as: loginame)
Password:
polkit-agent-helper-1: pam_authenticate failed: Authentication failure
==== AUTHENTICATION FAILED ===
Failed to stop crond.service: Access denied
See system logs and 'systemctl status crond.service' for details.
[nagios@hostname libexec]$ exit
exit
[root@hostname libexec]# systemctl stop crond
rm -rf /usr/local/nagiosxi/scripts/reconfigure_nagios.lock
systemctl restart mariadb
systemctl start ndo2db
systemctl start nagios
systemctl start npcd
systemctl start crond
[root@hostname libexec]# systemctl stop npcd
[root@hostname libexec]# systemctl stop nagios
[root@hostname libexec]# systemctl stop ndo2db
[root@hostname libexec]# pkill -9 -u nagios
[root@hostname libexec]# rm -rf /usr/local/nagiosxi/var/dbmaint.lock
[root@hostname libexec]# rm -rf /usr/local/nagiosxi/var/event_handler.lock
[root@hostname libexec]# rm -rf /usr/local/nagiosxi/scripts/reconfigure_nagios.lock
[root@hostname libexec]# systemctl restart mariadb
[root@hostname libexec]# systemctl start ndo2db
[root@hostname libexec]# systemctl start nagios
Job for nagios.service failed because the control process exited with error code. See "systemctl status nagios.service" and "journalctl -xe" for details.
[root@hostname libexec]# systemctl start npcd
[root@hostname libexec]# systemctl start crond
[root@hostname libexec]#

journalctl -xe
-- Support: http://lists.freedesktop.org/mailman/li ... temd-devel
--
-- Unit session-13904.scope has begun starting up.
May 22 15:04:01 hostname.usa.sumco.lcl CROND[3968]: (nagios) CMD (/usr/bin/php -q /usr/local/nagiosxi/cron/cmdsubsys
May 22 15:04:01 hostname.usa.sumco.lcl CROND[3969]: (nagios) CMD (/usr/bin/php -q /usr/local/nagiosxi/cron/sysstat.p
May 22 15:04:01 hostname.usa.sumco.lcl sudo[4042]: nagios : TTY=unknown ; PWD=/home/nagios ; USER=root ; COMMAND=/
May 22 15:04:01 hostname.usa.sumco.lcl sudo[4042]: pam_unix(sudo:session): session opened for user root by (uid=0)
May 22 15:04:01 hostname.usa.sumco.lcl sudo[4042]: pam_unix(sudo:session): session closed for user root
May 22 15:04:01 hostname.usa.sumco.lcl sudo[4071]: nagios : TTY=unknown ; PWD=/home/nagios ; USER=root ; COMMAND=/
May 22 15:04:01 hostname.usa.sumco.lcl sudo[4071]: pam_unix(sudo:session): session opened for user root by (uid=0)
May 22 15:04:01 hostname.usa.sumco.lcl sudo[4071]: pam_unix(sudo:session): session closed for user root
May 22 15:04:01 hostname.usa.sumco.lcl sudo[4098]: nagios : TTY=unknown ; PWD=/home/nagios ; USER=root ; COMMAND=/
May 22 15:04:01 hostname.usa.sumco.lcl sudo[4098]: pam_unix(sudo:session): session opened for user root by (uid=0)
May 22 15:04:01 hostname.usa.sumco.lcl sudo[4098]: pam_unix(sudo:session): session closed for user root
ESCOC
systemd-devel


s) CMD (/usr/bin/php -q /usr/local/nagiosxi/cron/cmdsubsys.php >> /usr/local/nagiosxi/var/cmdsubsys.log 2>&1)
s) CMD (/usr/bin/php -q /usr/local/nagiosxi/cron/sysstat.php >> /usr/local/nagiosxi/var/sysstat.log 2>&1)
s : TTY=unknown ; PWD=/home/nagios ; USER=root ; COMMAND=/usr/local/nagiosxi/scripts/manage_services.sh status nagio
x(sudo:session): session opened for user root by (uid=0)
x(sudo:session): session closed for user root
s : TTY=unknown ; PWD=/home/nagios ; USER=root ; COMMAND=/usr/local/nagiosxi/scripts/manage_services.sh status npcd
x(sudo:session): session opened for user root by (uid=0)
x(sudo:session): session closed for user root
s : TTY=unknown ; PWD=/home/nagios ; USER=root ; COMMAND=/usr/local/nagiosxi/scripts/manage_services.sh status ndo2d
x(sudo:session): session opened for user root by (uid=0)
x(sudo:session): session closed for user root
ESCOC



.php >> /usr/local/nagiosxi/var/cmdsubsys.log 2>&1)
hp >> /usr/local/nagiosxi/var/sysstat.log 2>&1)
usr/local/nagiosxi/scripts/manage_services.sh status nagios


usr/local/nagiosxi/scripts/manage_services.sh status npcd


usr/local/nagiosxi/scripts/manage_services.sh status ndo2db


ESCOD
systemd-devel


s) CMD (/usr/bin/php -q /usr/local/nagiosxi/cron/cmdsubsys.php >> /usr/local/nagiosxi/var/cmdsubsys.log 2>&1)
s) CMD (/usr/bin/php -q /usr/local/nagiosxi/cron/sysstat.php >> /usr/local/nagiosxi/var/sysstat.log 2>&1)
s : TTY=unknown ; PWD=/home/nagios ; USER=root ; COMMAND=/usr/local/nagiosxi/scripts/manage_services.sh status nagio
x(sudo:session): session opened for user root by (uid=0)
x(sudo:session): session closed for user root
s : TTY=unknown ; PWD=/home/nagios ; USER=root ; COMMAND=/usr/local/nagiosxi/scripts/manage_services.sh status npcd
x(sudo:session): session opened for user root by (uid=0)
x(sudo:session): session closed for user root
s : TTY=unknown ; PWD=/home/nagios ; USER=root ; COMMAND=/usr/local/nagiosxi/scripts/manage_services.sh status ndo2d
x(sudo:session): session opened for user root by (uid=0)
x(sudo:session): session closed for user root
ESCOD
-- Support: http://lists.freedesktop.org/mailman/li ... temd-devel
--
-- Unit session-13904.scope has begun starting up.
May 22 15:04:01 hostname.usa.sumco.lcl CROND[3968]: (nagios) CMD (/usr/bin/php -q /usr/local/nagiosxi/cron/cmdsubsys
May 22 15:04:01 hostname.usa.sumco.lcl CROND[3969]: (nagios) CMD (/usr/bin/php -q /usr/local/nagiosxi/cron/sysstat.p
May 22 15:04:01 hostname.usa.sumco.lcl sudo[4042]: nagios : TTY=unknown ; PWD=/home/nagios ; USER=root ; COMMAND=/
May 22 15:04:01 hostname.usa.sumco.lcl sudo[4042]: pam_unix(sudo:session): session opened for user root by (uid=0)
May 22 15:04:01 hostname.usa.sumco.lcl sudo[4042]: pam_unix(sudo:session): session closed for user root
May 22 15:04:01 hostname.usa.sumco.lcl sudo[4071]: nagios : TTY=unknown ; PWD=/home/nagios ; USER=root ; COMMAND=/
May 22 15:04:01 hostname.usa.sumco.lcl sudo[4071]: pam_unix(sudo:session): session opened for user root by (uid=0)
May 22 15:04:01 hostname.usa.sumco.lcl sudo[4071]: pam_unix(sudo:session): session closed for user root
May 22 15:04:01 hostname.usa.sumco.lcl sudo[4098]: nagios : TTY=unknown ; PWD=/home/nagios ; USER=root ; COMMAND=/
May 22 15:04:01 hostname.usa.sumco.lcl sudo[4098]: pam_unix(sudo:session): session opened for user root by (uid=0)
May 22 15:04:01 hostname.usa.sumco.lcl sudo[4098]: pam_unix(sudo:session): session closed for user root
Last edited by benjaminsmith on Thu May 23, 2019 9:37 am, edited 1 time in total.
Reason: saved profile
User avatar
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: CHECK_NRPE: (ssl_err != 5) Error - Could not complete SS

Post by cdienger »

Verify that the nrpe service is up on the other device by running "netstat -nap | grep 5666" If you don't see this port listening then the program isn't running and you should try to restart it. If it is using xinetd then use "service xinetd restart" or use service nrpe restart". Please provide the nrpe.cfg and /etc/xinetd.d/nrpe if it still doesn't work after this.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
benjaminsmith
Posts: 5324
Joined: Wed Aug 22, 2018 4:39 pm
Location: saint paul

Re: CHECK_NRPE: (ssl_err != 5) Error - Could not complete SS

Post by benjaminsmith »

Also, looking in the apache log, I believe the ssl certificate is incorrectly installed on this server.
[Wed May 22 14:43:12.427898 2019] [:error] [pid 23008] SSL Library Error: -12263 SSL received a record that exceeded the maximum permissible length
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.

Be sure to check out our Knowledgebase for helpful articles and solutions!
Locked